5 matches found
CVE-2025-54795
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...
1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +210 more potentially affected by CVE-2025-54795 +1 more via @anthropic-ai/claude-code (>=1.0.108 <=1.0.128)
@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-54795, CVE-2025-547954 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-11502065...
CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...
CVE-2025-54795
CVE-2025-54795 affects Claude Code. Multiple connected sources confirm a command parsing error in versions below 1.0.20 that can bypass the in-application confirmation prompt and trigger execution of untrusted commands when attack content is fed into the Claude Code context window. Impacted data/...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +222 more potentially affected by CVE-2025-54795 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.128)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-54795 Source advisory: OSV:GHSA-X56V-X2H6-7J34...